DETAILED ACTION

This action is in response to the communication filed on 7/18/2006.

All objections and rejections not set forth below have been withdrawn.

Claims 1-20 are pending.



Drawings

Figures 1, 2, 3, 6A, and 5B should be designated by a legend such as --Prior Art-- because only that which is old is illustrated. See MPEP § 608.02(g). Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled "Replacement Sheet" in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.



Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.

Claims 1-20 are rejected under 35 U.S.C. 102(b) as being anticipated by Boden et al. (Boden), "System and Method for Managing Security Objects", U.S. Patent 6,330,562.

Regarding claim 1, Boden discloses:

providing a plurality of security policies (7:51-58), wherein each security policy includes an application instance identifier associated with a security service, at least two application instance identifiers being associated with different security services (3:61-64; 7:29-29; 12:60-13:5). Boden discloses that each application (i.e. an IKE application and a VPN manager application) may identify, within a policy, to the system to employ IPSec as a way of providing security services. Each of the plurality of established policies may have associated with them differing security services (6:52-67).

and creating at least one security association, wherein the at least one security association is created based upon the at least one security service (2:3-8) associated with at least one application instance identifier to thereby create a centralized key store including the plurality of security policies and the at least one security association (figs. 3-3d; 3:23-36).

Regarding claims 6 and 11, they are rejected, at least, for the same reasons as claim 1, and because Boden further discloses:

a first security gateway configured for providing a plurality of security policies (fig. 1:18,19)... wherein the first security gateway is configured for applying a security service associated with an identified (7:29-29; 12:60-13:5) application instance identifier to at least one packet of data to thereby transform the at least one packet of data, wherein the first security gateway is configured for applying the security service to the at least one packet based upon at least one security policy and at least one security association (fig. 1; 3:60-4:4; 6:13-31; 11:table 1); and a second security gateway configured for applying the security service associated with the identified application instance identifier to the at least one transformed packet of data to thereby generate a representation of the at least one packet of data (fig. 1; 3:60-4:4; 6:13-31; 11:table 1);

Regarding claims 2, 3, 9, 12, and 14, Boden further discloses a system comprising sending and receiving gateways. Each gateway further comprises a VPN/user application capable of creating and accessing policies within a policy definition database (3:60-4:16). Both the sending and receiving gateways receive and transmit packets of which are transformed upon transmission or reception according to (application identified) security services between nodes (3:1-20; 3:60-4:16; fig. 1).

Regarding claims 4, 8, and 13, Boden further discloses:

at least one security policy further including at least one selector field having at least one selector value in a format common to a plurality of security service protocols, and wherein applying the security service comprises applying the security service further based upon the at least one security policy including the at least one selector value (11:table 1; figs. 3-3d; 13:13-50; 13:62-14:25). Boden discloses a security policy having common selector fields in addition to the application defined identifiers, wherein security services are based upon the selector fields.



Regarding claim 7, it is rejected, at least, for the same reasons as claims 1 and 6.

Regarding claims 5, 10, and 15, Boden further discloses creating at least one security association according to an Internet Key Exchange (IKE) technique (3:60-4:16).

Regarding claims 16-20, they are the features and limitations of the above rejected claims embodied as computer instructions upon a medium. Thus, they are rejected, at least, for the same reasons as the above rejected claims, and further because Boden discloses a computer program product for creating and maintaining a centralized key store (15:62-16:6).

Response to Arguments

Applicant's arguments filed 7/18/2006 have been fully considered but they are not persuasive.
Applicant argues primarily that:

(i) As to the objection to FIGS. 1-3, 5A and 5B as failing to include the legend identifying those figures as illustrating prior art, Applicant respectfully submits that those figures do not in fact illustrate prior art. Rather, FIGS. 1-3, 5A and 5B illustrate systems, apparatuses and methods in accordance with exemplary embodiments of the present invention. See Pat. Appl., page 6, line 26 - page 7, line 6. (Remarks, pg. 9)

In response, the examiner respectfully reasserts that the above mentioned drawings do not show the applicant's invention and illustrate what was already known to those of ordinary skill in the art. Thus, the designation of "Prior Art" should be applied. For example, the applicant's figure '1' illustrates the general system of a host/security gateway found within prior art RFC 2401 [see pg. 11], as is even referenced by the applicant. For example, figure '2' illustrates a block diagram of a computer, including an interface, memory, and processor. Figure 2 further illustrates the storage of SAD and SPD databases. Such is not the invention of the applicant and was well known to those of ordinary skill in the art. Furthermore, the other drawings (figure 3 [mobile telephone] and figures 5A, 5B [conventional IPSec processing of packets]) also illustrate only what is old.

(ii) In contrast to amended independent Claim 1, Boden does not teach or suggest a centralized key store with security policies, each of which includes an application instance identifier associated with a security service, or one or more security associations created based upon security service(s) associated with the application instance identifier(s). In this regard, ...In no event, however, does Boden disclose applying a security service other than IPSec such that the security policies include application instance identifiers associated with security services. (Remarks, pg. 10)

In response to applicant's argument that the references fail to show certain features of applicant's invention, it is noted that the features upon which applicant relies (i.e., applying a security service other than IPSec such that the security policies include application instance identifiers associated with security services) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

(iii) The claimed invention, on the other hand, recites a centralized key store including a plurality of security policies each of which includes an application instance identifier associated with a respective security service, at least two of the application instance identifiers being associated with different security services. (Remarks, pg. 10, 11)

In response, the examiner asserts [as also shown in the above rejections] that prior art shows a "centralized key store", a collection of security policies employed by a plurality of applications (i.e. IKE, a VPN manager), each application utilizing one or more policies identified as being an application of IPSec for providing different security services.



Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

see Notice of References Cited

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
A shortened statutory period for reply is set to expire 3 months (not less than 90 days) from the mailing date of this communication.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffery Williams whose telephone number is (571) 272-7965. The examiner can normally be reached on 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where this application or proceeding is assigned is (703) 872-9306.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

J.Williams

AU2137